AWS EKS with assumed role and kubectl

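Keep in mind that after creating an EKS cluster with Terraform under an assumed role, you will not be able to log in to the Kubernetes cluster with your usual credentials: EKS initially grants access only to the IAM identity that created the cluster, which here is the assumed role.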

You need a profile that assumes the role, like this in ~/.aws/config:

[profile management]
region = eu-central-1

[profile dev-eks]
role_arn = arn:aws:iam::84557222244:role/terraform
source_profile = management

Then:

export AWS_PROFILE=dev-eks
export KUBECONFIG=~/.kube/your_new_cluster_config.conf

After that you will be able to work with the aws-auth ConfigMap:

kubectl describe configmap -n kube-system aws-auth

As an option, a user can be added manually to the mapUsers section (the system:masters group gives that user full cluster-admin rights):

apiVersion: v1
data:
  mapAccounts: |
    []
  mapRoles: |
    - "groups":
      - "system:bootstrappers"
      - "system:nodes"
      "rolearn": "arn:aws:iam::84557222244:role/dev2021080114300461520000000b"
      "username": "system:node:{{EC2PrivateDNSName}}"
  mapUsers: |
    - "groups":
      - "system:masters"
      "userarn": "arn:aws:iam::84557222244:user/eks_api_user"
      "username": "eks_api_user"
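
Before running kubectl, it helps to confirm that the active credentials really resolve to the role that created the cluster. The following is an added example, not code from the original post: the function names are hypothetical, the session name is constructed, and it assumes the role has no IAM path.

```shell
# Added example; function names are hypothetical, not part of any AWS tool.
# Print KEY for PROFILE from an AWS config or credentials file.
# Accepts both "[profile NAME]" (config) and "[NAME]" (credentials) headers.
profile_value() {  # usage: profile_value FILE PROFILE KEY
    awk -v p="$2" -v key="$3" '
        /^\[/ { hit = ($0 == "[profile " p "]" || $0 == "[" p "]"); next }
        hit && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Convert an STS caller ARN (arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION)
# to the IAM form (arn:aws:iam::ACCOUNT:role/ROLE). Prints nothing for any
# other ARN shape. Assumption: the role has no IAM path.
sts_to_role_arn() {
    printf '%s\n' "$1" | sed -n \
        's|^arn:\([^:]*\):sts::\([0-9]*\):assumed-role/\([^/]*\)/.*$|arn:\1:iam::\2:role/\3|p'
}

# Succeed only if CALLER_ARN is a session of the role configured for PROFILE.
caller_matches_profile() {  # usage: caller_matches_profile FILE PROFILE CALLER_ARN
    expected=$(profile_value "$1" "$2" role_arn)
    actual=$(sts_to_role_arn "$3")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Real use (needs the AWS CLI and working credentials):
#   caller_matches_profile ~/.aws/config "$AWS_PROFILE" \
#       "$(aws sts get-caller-identity --query Arn --output text)"

# Constructed sample input: this page's profile names, plus a made-up session name.
demo_cfg=$(mktemp)
trap 'rm -f "$demo_cfg"' EXIT
cat > "$demo_cfg" <<'EOF'
[profile management]
region = eu-central-1

[profile dev-eks]
role_arn = arn:aws:iam::84557222244:role/terraform
source_profile = management
EOF
demo_arn='arn:aws:sts::84557222244:assumed-role/terraform/constructed-session'
caller_matches_profile "$demo_cfg" dev-eks "$demo_arn" \
    && echo "OK: caller is a session of the role in profile dev-eks" \
    || echo "MISMATCH: caller is not the role in profile dev-eks"
```

The same IAM form (role ARN, not the STS session ARN) is what a rolearn entry in aws-auth expects.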
